php5: CVE-2015-1351

Related Vulnerabilities: CVE-2015-1351   CVE-2015-1352  

Debian Bug report logs - #777033
php5: CVE-2015-1351


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Wed, 4 Feb 2015 08:51:01 UTC

Severity: important

Tags: security, upstream

Found in version php5/5.6.5+dfsg-1

Fixed in version php5/5.6.6+dfsg-2

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#777033; Package php5. (Wed, 04 Feb 2015 08:51:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Wed, 04 Feb 2015 08:51:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: php5: CVE-2015-1351 CVE-2015-1352
Date: Wed, 04 Feb 2015 09:45:26 +0100

Package: php5
Severity: important
Tags: security
Justification: user security hole

Hi,
CVE-2015-1351:
https://bugs.php.net/bug.php?id=68677
http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115

CVE-2015-1352:
https://bugs.php.net/bug.php?id=68741
http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e

Cheers,
        Moritz



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 04 Feb 2015 09:21:07 GMT).


Marked as found in versions php5/5.6.5+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 04 Feb 2015 09:21:08 GMT).


Bug 777033 cloned as bug 777036. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Wed, 04 Feb 2015 09:57:04 GMT).


Changed Bug title to 'php5: CVE-2015-1351' from 'php5: CVE-2015-1351 CVE-2015-1352'. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Wed, 04 Feb 2015 09:57:05 GMT).


Bug 777033 cloned as bug 777037. Request was from Ondřej Surý <ondrej@debian.org> to control@bugs.debian.org. (Wed, 04 Feb 2015 09:57:10 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>:
Bug#777033; Package php5. (Sat, 21 Feb 2015 21:06:04 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>. (Sat, 21 Feb 2015 21:06:04 GMT).


Message #20 received at 777033@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: 777033@bugs.debian.org
Subject: Re: php5: CVE-2015-1351 CVE-2015-1352
Date: Sat, 21 Feb 2015 22:03:44 +0100

On Wed, Feb 04, 2015 at 09:45:26AM +0100, Moritz Muehlenhoff wrote:
> Package: php5
> Severity: important
> Tags: security
> Justification: user security hole
> 
> Hi,
> CVE-2015-1351:
> https://bugs.php.net/bug.php?id=68677
> http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115

Still unfixed in 5.6.6

Cheers,
        Moritz



Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Tue, 24 Feb 2015 09:21:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Tue, 24 Feb 2015 09:21:05 GMT).


Message #25 received at 777033-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 777033-close@bugs.debian.org
Subject: Bug#777033: fixed in php5 5.6.6+dfsg-2
Date: Tue, 24 Feb 2015 09:20:12 +0000

Source: php5
Source-Version: 5.6.6+dfsg-2

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777033@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Feb 2015 07:54:59 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-phpdbg php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-readline php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source all
Version: 5.6.6+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm   - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-mysqlnd - MySQL module for php5 (Native Driver)
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary)
 php5-pspell - pspell module for php5
 php5-readline - Readline module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 777033
Changes:
 php5 (5.6.6+dfsg-2) unstable; urgency=medium
 .
   * Fix use after free in 'opcache' component of PHP (CVE-2015-1351)
   * Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777033)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 02 Apr 2015 07:28:27 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:52:02 2019; Machine Name: buxtehude
